• December 14, 2019, 01:56:12 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: IPSEC BETWEEN TWO DSR-250N  (Read 2648 times)

SarahDP

  • Level 1 Member
  • *
  • Posts: 1
IPSEC BETWEEN TWO DSR-250N
« on: November 07, 2016, 02:41:16 AM »

Hello,
I have two PC and two DSR-250N. Each PC is connecter to its DSR-250N by the LAN port. While DSR-250N are connectet with the WAN port.
How can I configure my IPSEC Policy to connect PC1 to PC2?
Do I have to enable L2TP Server and Client?

Sarah
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 47985
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: IPSEC BETWEEN TWO DSR-250N
« Reply #1 on: November 07, 2016, 07:06:00 AM »

Router:
Link>Welcome!

  • What Hardware version is your router? Look at sticker under the router case.
  • Link>What Firmware version is currently loaded? Found on the routers web page under status.
  • What region are you located?

Internet Service Provider and Modem Configurations
  • What ISP Service do you have? Cable or DSL?
  • What ISP Modem Mfr. and model # do you have?

Is there information in the user manual regarding IPSEC configurations on the DSR routers?
Logged
Cable:200mb/10Mb>NetGear C7800>DIR-882>DGS-1100>HP 24pt Gb Switch. COVR-3902/2202/1203,DIR-2680,890L,882,880L,868L,DNR-202L,DNS-345x2,DCS-933L,936L and 960L.
Go Here>Router Troubleshooting

PacketTracer

  • Level 4 Member
  • ****
  • Posts: 432
Re: IPSEC BETWEEN TWO DSR-250N
« Reply #2 on: November 07, 2016, 02:08:25 PM »

Hi,

Quote
While DSR-250N are connectet with the WAN port

The WAN ports are not connected to the Internet but are attached to each other 'back to back'? Hence it is a test setup for VPN?

This is a simple model for a typical site-to-site IPsec-VPN, where both boxes operate as IPsec gateways for IPsec in tunnel mode in order to interconnect both LAN networks behind the boxes. Hence not only the two PCs but any PC at the one site can talk to any PC at the other site, as if they were connected by a single router. They aren't even aware of the VPN between them and no extra configuration (such like L2TP) is needed at the PCs beyond what is needed without the VPN.

To make this work you have to make sure that the LAN networks at both sites use different network addresses such like 192.168.1.0/24 and 192.168.2.0/24. In the boxes you have to specify plain IPsec with ESP in tunnel mode without L2TP and without NAT traversal. The peer address for one box is the WAN address of the other box respectvely. For any box you have to specify the remote LAN network behind the other box. Use IKEv1 with Main Mode authenticated via preshared key. Specify the same set of DH groups and security algorithms at both sites.

Later, if you connect the WAN interfaces to the Internet, the public addresses used should be static, hence they can be specified as peer addresses to each other. If one site doesn't have a static public address you need a dynamic DNS service (e.g. Dyn or Freedns) that resolves a fixed DNS name to the present public IP address.  In this case in the other box you would specifiy the peer addresse of type FQDN using that DNS name.

PT
Logged